Drupal 8 (cash-cow of digital agencies)…

after so many years, they cannot even get the basics right:

  • no dedicated public HTTP folder, entire codebase is exposed
  • relies on (Apache) .htaccess, serious issue for security and performance
    what about Nginx?
  • writable code folders for sites, modules, themes, etc. – not dev-friendly at all
  • what’s the place of *.inc files in 2017?!
    e.g. https://github.com/drupal/drupal/blob/8.4.x/core/includes/batch.inc
  • CSS and JS bundles are created during runtime, and no reference to a CDN for assets of the system and the users
    (that is supposed to be part of the release procedure, not runtime!)
  • have you even seen the db?! don’t waste your time!
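
To see what the first three points mean on a concrete install, here is an added audit sketch (not Drupal's code, and not from the original post). It lists files under a docroot that would be returned as plain static content by a server that ignores .htaccess, and code folders writable by group or others. The extension list, function names and sample tree are assumptions made for this example.

```python
import os
import re
import stat
import tempfile

# Assumption: shortened deny-list written for this example, in the style of
# the rules an .htaccess file carries; it is not Drupal's actual rule.
SOURCE_LIKE = re.compile(
    r"\.(inc|module|install|engine|theme|profile|twig|yml|sql|sh)$"
    r"|^composer\.(json|lock)$|^\.(?!well-known)",
    re.IGNORECASE,
)

def served_raw_without_htaccess(docroot):
    """Docroot-relative files a server that ignores .htaccess (e.g. Nginx
    with no matching deny rule) would return as plain static content."""
    hits = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            if SOURCE_LIKE.search(name):
                rel = os.path.relpath(os.path.join(base, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def loosely_writable_dirs(docroot, code_dirs=("sites", "modules", "themes")):
    """Code directories whose mode grants write access to group or others."""
    loose = []
    for name in code_dirs:
        path = os.path.join(docroot, name)
        mode = os.stat(path).st_mode if os.path.isdir(path) else 0
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            loose.append(name)
    return loose

def build_sample_tree(root):
    """Constructed layout for the demo; file names are illustrative only."""
    for rel in ("core/includes/batch.inc", "composer.json", "index.php",
                "modules/demo/demo.module", "sites/default/services.yml",
                "themes/demo/style.css"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
    os.chmod(os.path.join(root, "modules"), 0o775)  # group-writable
    os.chmod(os.path.join(root, "themes"), 0o755)
    os.chmod(os.path.join(root, "sites"), 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(served_raw_without_htaccess(tmp))
        print(loosely_writable_dirs(tmp))
```

Every path in the first list needs an explicit deny rule in the Nginx server block, or the code has to move out of the docroot.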

Just look at the versions, you’ll understand that they don’t know what they are doing! Wow, amazing progress!?

Drupal.org
Drupal Vulnerabilities